Ghostshell leaks 120,000 records from top 100 universities

The hacktivist group behind Project Hellfire claims to have leaked records from 100 of the top universities around the world.
Written by Charlie Osborne, Contributing Writer

On Monday Team GhostShell returned with a new campaign called "Project WestWind". The project is aimed at "raising awareness towards the changes made in today's education, how new laws imposed by politicians affect us, our economy and overall, our way of life," -- and to make their presence known, how better than to dump data and expose vulnerabilities in university networks?


Known for their role in Project Hellfire -- which lifted a million accounts from organisations across the world including the CIA and Wall Street -- the Anonymous-related group has now targeted both domestic and international universities.

Tweeting a message the same day of the attack, group leader 'DeadMellox' linked to a dump on Pastebin, complete with separate mirrors for individual institutions.

The list includes Harvard, John Hopkins, the University of Michigan, Tokyo University, New York University, Princeton and the University of Rome.

Information dumped in each mirror contains email addresses, passwords, IDs and names of students and faculty members, although many are hashed.

In the Pastebin message, GhostShell cited tuition fees, politics, heavy-handed teaching regulations and job uncertainty as issues that need to be addressed. The document reads:

"After carefully filtering the [servers] that we've already leaked before and the ones where Anonymous has in major operations, we have eventually got together a new fresh list. The majority of them should be here. Also, some of us decided to go ahead and add vulnerable links to the other ones anyway, which you can find at the bottom, at 'Other Universities'."

The group finished with a warning, stating that many of the databases were already injected with malware, saying it was no surprise as some have credit card information stored on their servers.

Earlier this year, Ghostshell claimed responsibility for the Hellfire leak which stole one million user accounts from roughly 100 website owned by government agencies, banks and consulting firms. According to the groups' Twitter feed, it seems they plan to "head back East" for the next project.

ZDNet has reached out to several of the universities involved and will update if a response is recieved. 

Editorial standards